
Re: SDSI syntax -Reply

At 11:47 AM 5/8/96 -0400, Bob Jueneman wrote:
>>>> Carl Ellison <cme@cybercash.com> 05/07/96 05:24pm >>>
>At 12:24 PM 5/6/96 EDT, Ron Rivest wrote:
>>>Bob Jueneman notes that large files (e.g. photos) and other documents may
>>be common, as part of the discussion on canonicalization.
>>One can use a (location,hash) pair to stand for any object -- no matter what
>>size.  I, for one, would rather not send digitized photos or
>voice along as part of a certificate I was using to get FTP access to some
>site.  I would want that to be small -- possibly referring to
>such objects and incorporating them by reference but not schlepping them.
> - Carl
>Carl,  you may have missed the original comment, where I discussed
>point-of-sale terminals, digital driver's licenses, etc., that would be
>examined by a living person. I wouldn't suggest using a "mega-certificate" to
>access FTP files, although the question of how to
>biometrically authenticate access controls at a distance is an interesting one
>(especially considering replay attacks).
>The trade-off between including information in the certificate vs. having to
>retrieve the information from a remote source and compare
>the message digest to the hash in the certificate cannot be made in a vacuum. 
>I can surely read information more quickly off a CD-ROM
>with a 6X or 8X drive than I can download it via modem at any speed less than

Other points to consider are whether you are likely to have the large
object already cached, and whether you need it for your use of the
certificate.  (Obviously for single capability certificates you are very
likely to need whatever is in the certificate.)  This area is very
application specific.

Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
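
The (location,hash) reference and the cache consideration discussed in this thread, as an added example that is not part of the original messages: the certificate carries only the pair, and the relying party checks a hash-keyed cache before fetching and verifies the digest on every use. SHA-256, the RefResolver class, the fetch callable and the sample location are assumptions of the example.

```python
import hashlib

class DigestMismatch(Exception):
    """Retrieved bytes do not match the hash carried in the certificate."""

def digest(data: bytes) -> str:
    # SHA-256 is an assumption of this example; the thread names no algorithm.
    return hashlib.sha256(data).hexdigest()

def make_ref(location: str, data: bytes) -> tuple:
    """Build the (location, hash) pair that stands for the object."""
    return (location, digest(data))

class RefResolver:
    """Hypothetical relying-party helper: resolves references, cache first."""

    def __init__(self, fetch):
        self.fetch = fetch   # hypothetical callable: location -> bytes
        self.cache = {}      # keyed by hash, so the location is irrelevant on a hit
        self.fetches = 0     # how many times the remote source was contacted

    def resolve(self, ref):
        location, expected = ref
        data = self.cache.get(expected)
        if data is None:
            data = self.fetch(location)
            self.fetches += 1
        # Verify on every use, cached or not: the cache is not trusted either.
        if digest(data) != expected:
            self.cache.pop(expected, None)
            raise DigestMismatch(location)
        self.cache[expected] = data
        return data

# Constructed sample data: a stand-in for a large photo and a remote store.
PHOTO = b"\x89constructed-photo-bytes" * 4096
STORE = {"ftp://example.invalid/photo": PHOTO}
CERT_REF = make_ref("ftp://example.invalid/photo", PHOTO)

if __name__ == "__main__":
    r = RefResolver(STORE.__getitem__)
    r.resolve(CERT_REF)
    r.resolve(CERT_REF)  # second use is served from the cache
    print(len(PHOTO), "byte object,", r.fetches, "fetch(es),",
          len(str(CERT_REF)), "characters of reference in the certificate")
```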